github.com/rancher/wrangler is vulnerable to Command Injection attacks. An attacker is able to change the library’s behavior and cause confusion when a specially crafted command is executed through Git, because it uses the underlying Git binary present on the host OS or container image.
bugzilla.suse.com/show_bug.cgi?id=1200299
github.com/advisories/GHSA-qrg7-hfx7-95c5
github.com/rancher/wrangler/commit/12397eec50155cb2d24aa70bdf9e90c5f3b9a727
github.com/rancher/wrangler/commit/341018c8fef3e12867c7cb2649bd2cecac75f287
github.com/rancher/wrangler/commit/5a387e13e8d51e3340d9e5012a1951f0cca5fc90
github.com/rancher/wrangler/commit/8649ecc062204f28764fd80157a621cbae89c9cf